Closed justinmclean closed 9 months ago
@ch3yne Can you confirm if NONE_ENV=production yarn list or license-checker --production gives a valid list of software for production?
In the list checked with license-checker --production, here are the top-level ones actually used in the web directory.
├─ @emotion/cache
│  ├─ licenses: MIT
│  ├─ repository: https://github.com/emotion-js/emotion/tree/main/packages/cache
│  ├─ path: gravitino/web/node_modules/@emotion/cache
│  └─ licenseFile: gravitino/web/node_modules/@emotion/cache/LICENSE
├─ @emotion/react
│  ├─ licenses: MIT
│  ├─ repository: https://github.com/emotion-js/emotion/tree/main/packages/react
│  ├─ publisher: Emotion Contributors
│  ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@emotion/react
│  └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/@emotion/react/LICENSE
├─ @hookform/resolvers
│  ├─ licenses: MIT
│  ├─ repository: https://github.com/react-hook-form/resolvers
│  ├─ publisher: bluebill1049
│  ├─ email: bluebill1049@hotmail.com
│  ├─ path: gravitino/web/node_modules/@hookform/resolvers
│  └─ licenseFile: gravitino/web/node_modules/@hookform/resolvers/LICENSE
├─ @mui/lab
│  ├─ licenses: MIT
│  ├─ repository: https://github.com/mui/material-ui
│  ├─ publisher: MUI Team
│  ├─ path: gravitino/web/node_modules/@mui/lab
│  └─ licenseFile: gravitino/web/node_modules/@mui/lab/LICENSE
├─ @mui/material
│  ├─ licenses: MIT
│  ├─ repository: https://github.com/mui/material-ui
│  ├─ publisher: MUI Team
│  ├─ path: gravitino/web/node_modules/@mui/material
│  └─ licenseFile: gravitino/web/node_modules/@mui/material/LICENSE
├─ @mui/x-data-grid
│  ├─ licenses: MIT
│  ├─ repository: https://github.com/mui/mui-x
│  ├─ publisher: MUI Team
│  ├─ path: gravitino/web/node_modules/@mui/x-data-grid
│  └─ licenseFile: gravitino/web/node_modules/@mui/x-data-grid/LICENSE
├─ @mui/x-tree-view
│  ├─ licenses: MIT
│  ├─ repository: https://github.com/mui/mui-x
│  ├─ publisher: MUI Team
│  ├─ path: gravitino/web/node_modules/@mui/x-tree-view
│  └─ licenseFile: gravitino/web/node_modules/@mui/x-tree-view/LICENSE
├─ @reduxjs/toolkit
│  ├─ licenses: MIT
│  ├─ repository: https://github.com/reduxjs/redux-toolkit
│  ├─ publisher: Mark Erikson
│  ├─ email: mark@isquaredsoftware.com
│  ├─ path: gravitino/web/node_modules/@reduxjs/toolkit
│  └─ licenseFile: gravitino/web/node_modules/@reduxjs/toolkit/LICENSE
├─ axios@1.6.2
│  ├─ licenses: MIT
│  ├─ repository: https://github.com/axios/axios
│  ├─ publisher: Matt Zabriskie
│  ├─ path: gravitino/web/node_modules/axios
│  └─ licenseFile: gravitino/web/node_modules/axios/LICENSE
├─ chroma-js@2.4.2
│  ├─ licenses: (BSD-3-Clause AND Apache-2.0)
│  ├─ repository: https://github.com/gka/chroma.js
│  ├─ publisher: Gregor Aisch
│  ├─ path: gravitino/web/node_modules/chroma-js
│  └─ licenseFile: gravitino/web/node_modules/chroma-js/LICENSE
├─ clsx@2.0.0
│  ├─ licenses: MIT
│  ├─ repository: https://github.com/lukeed/clsx
│  ├─ publisher: Luke Edwards
│  ├─ email: luke.edwards05@gmail.com
│  ├─ url: https://lukeed.com
│  ├─ path: gravitino/web/node_modules/clsx
│  └─ licenseFile: gravitino/web/node_modules/clsx/license
├─ dayjs@1.11.10
│  ├─ licenses: MIT
│  ├─ repository: https://github.com/iamkun/dayjs
│  ├─ publisher: iamkun
│  ├─ path: gravitino/web/node_modules/dayjs
│  └─ licenseFile: gravitino/web/node_modules/dayjs/LICENSE
├─ next@14.0.3
│  ├─ licenses: MIT
│  ├─ repository: https://github.com/vercel/next.js
│  ├─ path: gravitino/web/node_modules/next
│  └─ licenseFile: gravitino/web/node_modules/next/license.md
├─ nprogress@0.2.0
│  ├─ licenses: MIT
│  ├─ repository: https://github.com/rstacruz/nprogress
│  ├─ publisher: Rico Sta. Cruz
│  ├─ email: hi@ricostacruz.com
│  ├─ path: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/nprogress
│  └─ licenseFile: /Users/cheyne/workspace/datastrato/github/ch3yne/gravitino/web/node_modules/nprogress/License.md
├─ react-dom@18.2.0
│  ├─ licenses: MIT
│  ├─ repository: https://github.com/facebook/react
│  ├─ path: gravitino/web/node_modules/react-dom
│  └─ licenseFile: gravitino/web/node_modules/react-dom/LICENSE
├─ react-hook-form@7.48.2
│  ├─ licenses: MIT
│  ├─ repository: https://github.com/react-hook-form/react-hook-form
│  ├─ email: bluebill1049@hotmail.com
│  ├─ path: gravitino/web/node_modules/react-hook-form
│  └─ licenseFile: gravitino/web/node_modules/react-hook-form/LICENSE
├─ react-hot-toast@2.4.1
│  ├─ licenses: MIT
│  ├─ repository: https://github.com/timolins/react-hot-toast
│  ├─ publisher: Timo Lins
│  ├─ path: gravitino/web/node_modules/react-hot-toast
│  └─ licenseFile: gravitino/web/node_modules/react-hot-toast/LICENSE
├─ react-redux@8.1.3
│  ├─ licenses: MIT
│  ├─ repository: https://github.com/reduxjs/react-redux
│  ├─ publisher: Dan Abramov
│  ├─ email: dan.abramov@me.com
│  ├─ url: https://github.com/gaearon
│  ├─ path: gravitino/web/node_modules/react-redux
│  └─ licenseFile: gravitino/web/node_modules/react-redux/LICENSE.md
├─ react-use@17.4.2
│  ├─ licenses: Unlicense
│  ├─ repository: https://github.com/streamich/react-use
│  ├─ publisher: @streamich
│  ├─ path: gravitino/web/node_modules/react-use
│  └─ licenseFile: gravitino/web/node_modules/react-use/LICENSE
├─ react@18.2.0
│  ├─ licenses: MIT
│  ├─ repository: https://github.com/facebook/react
│  ├─ path: gravitino/web/node_modules/react
│  └─ licenseFile: gravitino/web/node_modules/react/LICENSE
├─ redux@4.2.1
│  ├─ licenses: MIT
│  ├─ repository: https://github.com/reduxjs/redux
│  ├─ path: gravitino/web/node_modules/redux
│  └─ licenseFile: gravitino/web/node_modules/redux/LICENSE.md
└─ yup@1.3.2
   ├─ licenses: MIT
   ├─ repository: https://github.com/jquense/yup
   ├─ publisher: @monasticpanic Jason Quense
   ├─ path: gravitino/web/node_modules/yup
   └─ licenseFile: gravitino/web/node_modules/yup/LICENSE.md
A grep for some of the licenses shows this list is not complete, so I'm using the full list reported by license-checker --production until we have a definite list.
So comparisons can be made, here are all the 3rd party production dependencies and their licenses.
yarn licenses list --production or license-checker --production commands can list out all the dependencies needed in the development, including nested dependencies. I think these commands are sufficient.
yarn licenses list --production
licenses.txt
yarn licenses generate-disclaimer
running this command will return a sorted list of licenses from all the installed packages to the stdout.
While helpful, it is not usable as is, as it also includes the text of incompatible licenses and extra text that should not be included in a license file, e.g. GPL. Some of the software is dual-licensed, and we need to select which license it is under. I think it also includes licenses used at build time but not in the release.
I think you mean production rather than development.
Okay, thanks, I understand now.
Apologies, I used the incorrect word.
We need to update the LICENSE and NOTICE files. To do that, we need a list of all software that ends up in the distribution, their license text, and, if they are Apache licensed, if they have a NOTICE file and its contents.
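The thread's point about incompatible and dual-licensed entries can be checked mechanically before anyone edits LICENSE by hand. The following is an added example, not code from this issue or from the project: it assumes a report in the shape produced by license-checker --json (package key mapped to an object with a licenses field), the ALLOWED and BLOCKED lists are placeholder policy, and the example-* packages are hypothetical.

```javascript
// Policy lists are assumptions for illustration; substitute the project's own policy.
const ALLOWED = new Set(['MIT', 'ISC', 'BSD-2-Clause', 'BSD-3-Clause', 'Apache-2.0']);
const BLOCKED = /^(A|L)?GPL/i;
const classifyId = (id) => (ALLOWED.has(id) ? 'ok' : BLOCKED.test(id) ? 'blocked' : 'review');
// Evaluate a license expression; AND binds tighter than OR, parentheses group.
function evaluate(expr) {
  const tokens = expr.match(/\(|\)|[^\s()]+/g) || [];
  let pos = 0;
  const factor = () => {
    const t = tokens[pos++];
    if (t === '(') { const inner = orExpr(); pos++; return inner; } // pos++ skips ')'
    return t === undefined ? 'review' : classifyId(t);
  };
  const andExpr = () => { // every operand applies, so the worst status wins
    const parts = [factor()];
    while (tokens[pos] === 'AND') { pos++; parts.push(factor()); }
    return ['blocked', 'review', 'choose'].find((s) => parts.includes(s)) || 'ok';
  };
  const orExpr = () => { // alternatives: usable only after one is selected and recorded
    const parts = [andExpr()];
    while (tokens[pos] === 'OR') { pos++; parts.push(andExpr()); }
    if (parts.length === 1) return parts[0];
    if (parts.some((s) => s === 'ok' || s === 'choose')) return 'choose';
    return parts.includes('review') ? 'review' : 'blocked';
  };
  const status = orExpr();
  return pos === tokens.length ? status : 'review'; // unparsed leftovers need a human
}

// Bucket every package of a license-checker JSON report by status.
function report(checkerJson) {
  const out = { ok: [], choose: [], review: [], blocked: [] };
  for (const [pkg, info] of Object.entries(checkerJson)) {
    // An array of licenses is treated as "all apply" (conservative assumption).
    const l = info.licenses;
    out[evaluate(Array.isArray(l) ? l.join(' AND ') : String(l || ''))].push(pkg);
  }
  return out;
}
// Constructed sample: three entries from the list above, two hypothetical ones.
const sample = {
  'axios@1.6.2': { licenses: 'MIT' },
  'chroma-js@2.4.2': { licenses: '(BSD-3-Clause AND Apache-2.0)' },
  'react-use@17.4.2': { licenses: 'Unlicense' },
  'example-dual@1.0.0': { licenses: '(MIT OR GPL-3.0)' },
  'example-copyleft@1.0.0': { licenses: 'GPL-3.0' },
};
console.log(report(sample));
```

Packages in the choose bucket are the dual-licensed ones where a selection has to be written down; anything in review is a license the placeholder policy does not name.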